Business ethics, privacy, and security

Explanation of the material topic and its boundaries

We believe in doing business the right way every day. Conducting ourselves with honesty and integrity and maintaining high standards around privacy and security are vital to u-blox employees around the world. It is also essential if we are to win and maintain the respect of our customers, investors, business partners, and the communities where we operate.  

 

Our approach to business ethics, privacy, and security

The u-blox Code of Conduct was updated in 2022 and is based on the UN Global Compact’s 10 guiding principles, simplified into 7 core principles. These principles cover human rights, labor, the environment, and anti-corruption; they feed into every aspect of our business, both strategically and operationally, and are the foundation of our approach to business ethics, privacy, and security.

Annual business ethics training

Everyone at u-blox regularly receives business ethics training, which provides practical guidance on responding in different situations. The u-blox Code of Conduct is an important resource that sets forth our fundamental commitment to conducting business ethically and honestly. We are absolutely committed to winning with integrity! The Code of Conduct clearly lays out what we ask of our employees and is designed to help them deal with difficult situations, upholding our reputation as a company with integrity that can be trusted. We do business responsibly and ethically and are committed to sustainable development while respecting the needs of the individual, society, and the environment.

 

Zero tolerance for bribery and corruption

A key pillar in the u-blox Code of Conduct is our zero tolerance for bribery and corruption. Both are the antithesis of doing business the right way. We do not give or accept bribes and have clear guidelines for employees to follow regarding gifts and entertainment.

 

No weapons or weapon systems

Sometimes, IoT innovations developed to benefit humanity can also be used to cause harm. One of the central pillars of the u-blox Code of Conduct is the policy we set out in 2002 prohibiting the sale of our products for use in weapons and weapon systems, including systems for target identification.

All u-blox products are designed for lawful, commercial use and civilian purposes only. Our global sales teams are regularly trained on u-blox's policy, and distributors are contractually obliged to adhere to these restrictions:

 

We do not sell products when the intended use is for integration into weapons or weapon systems, including:

  • Guns, cannons, or weapon systems, e.g., systems for identifying or localizing targets
  • Systems for the guidance of missiles, bombs, or bullets
  • Military drones, military unmanned vehicles, or military robots

 

We do not sell to trade embargoed countries, including:

Belarus, Iran, North Korea, Sudan, Syria, Cuba, Russia, and the territories occupied by Russia in Ukraine. In 2022, we added all members of the Eurasian Economic Union because its members are in a free trade zone with Russia and Belarus.

 

Speak Up at u-blox

Our Speak Up whistle-blower program provides a safe, easy, and anonymous way for employees to report potential misconduct related to our business. Complaints can be made directly through an externally provided service, which allows anonymous reporting. Our Compliance Committee will investigate all reports and has the power to set binding actions that the relevant part of the business is required to follow. These could include organizational measures to protect against similar occurrences in the future and individual disciplinary action. The binding advice can be overruled by a majority of the Executive Committee. The Compliance Committee (General Counsel and Head of Human Resources) refers to the Audit Committee. Further, the u-blox program protects whistle-blowers against dismissal, demotion, and other forms of retaliation.

Protecting Intellectual Property

u-blox has invested over CHF 1 billion in our core IP over the last 15 years. Our intellectual property (IP), which includes patents, trademarks, copyrights, and trade secrets, comprises some of our most valuable assets. We treat it extremely carefully to protect our market position and competitive advantage. Moreover, we invest heavily in growing this IP portfolio every year, with more than 20% of our revenue dedicated to R&D to generate a constant flow of innovation. Equally important, we respect the intellectual property rights of others. We are willing licensees to standard essential patents (SEPs).

 

Digital and physical security

Our company-wide security function, led by our Corporate Security Management team, utilizes our Information Security Management System aligned with ISO/IEC 27001 and Common Criteria (ISO/IEC 15408) requirements. In addition, specialized security experts and other stakeholders from across our business are responsible for the security of our physical sites worldwide, as well as our information systems, products, and services. The Executive Committee reviews and steers the security status and activities in the quarterly Corporate Security Steering meeting. The company runs an information security training program annually. The Board of Directors receives a quarterly Cyber Security Report. The company does not have an information security risk insurance policy.

 

Protecting Data Privacy

u-blox does not collect or use sensitive personal data for business purposes. u-blox complies with applicable data privacy laws. Particular attention is given to ensuring compliance with regard to the collection of personal data of our employees. We protect this data per the policies and procedures in our Information Security Management System (ISMS).

 

Designing secure products

To protect our customers – and theirs – against the many and varied threats their devices and data face in the connected world, it is our responsibility to create secure products. This means designing for security from the start.

IoT security is complex, fast-moving, and multi-faceted. Addressing it demands a sophisticated, multi-pronged approach. Security is built into our products. u-blox has established product standards based on industry requirements and best practices to form a foundation for building new generations of secure devices. Our internal network of Security Champions within the development teams enables us to provide secure products that fulfill these requirements.

We are continuously monitoring security requirements in critical markets such as Operational Technology (OT) and Automotive. Furthermore, we actively adopt requirements from emerging regulations, such as UN ECE R.155 or the EU Cybersecurity Act, and industry standards, such as ISO/SAE 21434.

In 2020, we signed the GSM Association (GSMA) Digital Declaration, a set of aspirational principles to guide activity in the digital age to build a sustainable and secure digital future.

Through our collaboration with digital security leader Kudelski Group, we are incorporating premium-grade security, including robust encryption key management, into our latest range of cellular products.

 

Proactive Security Monitoring, Testing & Threat Intelligence

To identify threats and vulnerabilities, we systematically engage a third-party SOC for 24/7 security monitoring and our in-house Red Team of security analysts. Furthermore, we collaborate with independent security researchers to test our products and IT infrastructure.

Additionally, we run an invite-only Bug Bounty on selected customer services, and we have a Responsible Disclosure Policy in place to enable individuals or organizations to report product and service vulnerabilities to us.

Cybersecurity collaboration with suppliers and customers

In 2022, u-blox Corporate Security continued to strengthen security collaboration with our most critical contract manufacturing partners and other critical suppliers. We have started to conclude Security Agreements with our key suppliers to ensure an adequate control level and fulfillment of ISO/IEC 27001, ISO/IEC 15408, and ISO/SAE 21434 requirements.

Furthermore, we have collaborated with our critical suppliers to ensure the preparedness of our Supply Chain for potential power shortages in Winter 2022/2023.

We have also worked closely with our customers’ security teams to align security requirements towards u-blox products and infrastructure, coordinate security issue handling, and share information on current security issues and threats.

 

 

2022 Sustainability Report